Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish by virtue of a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-14348

Publication date:
05/08/2019
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2019

CVE-2019-4473

Publication date:
05/08/2019
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2023

CVE-2019-4284

Publication date:
05/08/2019
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2022

CVE-2019-4261

Publication date:
05/08/2019
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. IBM X-Force ID: 160013.
Severity CVSS v4.0: Pending analysis
Last modification:
01/01/2022

CVE-2017-18477

Publication date:
05/08/2019
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18478

Publication date:
05/08/2019
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18480

Publication date:
05/08/2019
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18479

Publication date:
05/08/2019
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18482

Publication date:
05/08/2019
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18474

Publication date:
05/08/2019
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18475

Publication date:
05/08/2019
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019

CVE-2017-18476

Publication date:
05/08/2019
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2019